Voting System Security and Reliability Risks
After recent reports of hacking, this briefing memo describes what the risks to America’s voting system security really are — and what states, localities, and voters can do to prevent successful attacks against the integrity of our elections.
The last few weeks have brought renewed attention to the security and reliability of our voting systems. After credible reports last month that Russia was attempting to influence American elections by hacking into the DNC email server and other campaign files, new reports show the FBI has determined foreign hackers penetrated two state election databases.
This fact sheet describes what the risks to America’s voting system security really are — and what states, localities, and voters can do to prevent successful attacks against the integrity of our elections.
The Brennan Center has studied the use of computerized voting systems for over a decade. In a comprehensive study released last year, we found the use of outdated voting equipment across the country presents serious security and reliability challenges.
The United States has made important advances in securing our voting technology in the last few years. Relatively few votes are cast over the internet or machines connected to the internet, and the vast majority of ballots will be cast on systems that have a paper trail that allows election officials to independently verify software totals. This makes it highly unlikely that a cyberattack against our voting machines could have a widespread impact on the results of a national election.
Still, there is much more we should do to promote the security and accuracy of our voting systems. Computer scientists have demonstrated that older equipment, in particular, can be very insecure. It is also more difficult to maintain, and more likely to fail (even without interference from an attacker) on Election Day. While small-scale attacks or failures of individual machines might not have a widespread impact on national vote totals, they can severely damage voter confidence, and would be particularly troubling in very close contests.
Similarly, while proper safeguards can ensure attacks on voter registration databases don’t prevent a legitimate voter from casting a ballot or having her vote counted, an attack on these systems could put voters’ personal information at risk. Election officials must take all steps necessary to protect such information.
In the short run, we should do everything we can to minimize the impact of such attacks or failures. In the long run, we must treat our election infrastructure like other critical infrastructure, with regular investments and upgrades.